Does nginx support SSL resumption?
mike503 at gmail.com
Sat May 30 21:27:06 MSD 2009
2009/5/30 Igor Sysoev <is at rambler-co.ru>:
> Yes. However, built-in OpenSSL session cache leads to memory fragmentation,
> see http://marc.info/?t=120127289900027
Is this an OpenSSL bug? I think there's an OpenSSL bug I am hitting as
well with Firefox 3.x (even using the ssl_protocols workaround) - if
this is a bug in OpenSSL I'd like to go yell at them for both... :)
> Also I do think that shared SSL session cache should be enabled by default.
> BTW, http://wiki.nginx.org/NginxHttpSslModule is outdated:
> ssl_session_cache has yet two paramters "off" and "none" (default one):
> "off" is hard off: nginx says explicitly to a client that sessions can not
> "none" is soft off: nginx says to a client that session can be resued, but
> nginx actually never reuses them. This is workaround for some mail clients
> as ssl_session_cache may be used in mail proxy as well as in HTTP server.
I've updated the wiki with this information.
Does it still accept two parameters as shown int he example on the
wiki? I want to make sure that is still legitimate. I assume that
means it will use the first cache and fall back to the second if it is
full or something?
Please verify my changes are correct. I don't want to be putting up
incorrect information :)
More information about the nginx